Safeguarding Your Organization Against Ransomware: Insights from a CISO

By Harold Rivas · October 23, 2023

October is Cybersecurity Awareness Month, making it a good time to brush up on some best practices you can use all year long to protect and defend your organization against cyber threats like ransomware.

I want to share an anecdote from my past to illustrate how prevalent cyberattacks are and why improving your security posture is essential. Five or six years ago when I was working as the CISO of a financial services firm a malicious phishing email infiltrated the organization during a company-wide town hall. Predictably, an individual clicked on the link, and a cascade of events followed, leading to encrypted network shares and affecting multiple users. Twenty minutes into the town hall, I started to get all these alerts that something bad was happening and had to jet out of the room. Fortunately, we were able to block it and disable the infected users as the malware started to populate. By sheer luck, one of our network admins had been snapshotting our network file shares every hour, so we only lost one hour of data. But this short story highlights how quickly something like this can get out of hand.

The evolving ransomware threat

Threat actors today are increasingly sophisticated. Attackers constantly change their tactics and approaches, making it nearly impossible to determine what they will do.

In the past, ransomware centered around disruption. Attackers would lock organizations out of their sensitive files that are critical to business functions. Now, any sensitive data that organizations wish to keep private is a target.

If you're a smaller company, it's easy to think that attackers won't come for you because they focus on big corporations. However, as evident with the Trellix Advanced Research Center’s recent analysis, small companies are increasingly at risk too.

Best Practices for Ransomware Detection and Response

I often say there is no silver bullet to prevent an attack. Defending against ransomware requires a multifaceted strategy that incorporates these best practices.

1. Build a Strong Foundation of IT Best Practices

Basic but essential measures such as enforcing strict password policies are your first line of defense. Network segmentation, multi-factor authentication (MFA), and strong backups are all ways you can increase your resilience.

2. Test Your Security Controls, Strengthen, and Repeat

Regular security control assessments are crucial tools for identifying weak spots in systems. Simulated attacks and exhaustive vulnerability scans reveal potential entry points for malicious actors. Swiftly patch and remediate vulnerabilities to block exploitation.

3. Forge Solid Company Governance

A well-structured governance model sets the tone from the top, with clear roles and responsibilities for overseeing cybersecurity measures. Regular audits ensure compliance with regulations and internal policies, fostering a vigilant culture. Streamlined communication between leadership, IT teams, and stakeholders accelerates decision-making and prioritizes security initiatives.

4. Make Education the Cornerstone of Your Prevention Strategy

Recognize the human role in cybersecurity and equip your workforce with knowledge to thwart threats. Given email's role as a prime ransomware vector, offer comprehensive training to spot phishing and malicious attachments. Extend this education to broader security practices, from devices to data. Engage stakeholders, especially business unit executives, to integrate security into strategies, reinforcing your resilience and preserving data integrity.

5. Adopt a Zero-Trust Strategy

There's a lot of buzz around adopting a zero-trust strategy to protect and defend your organization against ransomware. Exactly as it sounds, zero trust means trust no user, software, or service. Always verify before allowing any entry into your environment via a proper combination of technology capabilities and processes.

6. Unite for Defense: Collaborate with Cybersecurity Professionals

In a landscape where attackers continuously evolve, collective knowledge and shared insights are our most potent weapons. By fostering a collaborative ecosystem, we can establish a dynamic environment where a breach recognized by one defender leads to strengthened defenses across the group, allowing us to anticipate and counteract threats more effectively. Just as threat actors collaborate, our joint efforts enable us to pool resources, share threat intelligence, and collectively elevate our security posture.

Visibility is key

Effective ransomware defense hinges on visibility. The earlier you can interrupt an attack in the kill chain, the better off your organization will be. Even though it can be difficult to recognize those early stages of reconnaissance, it's worth it to act as early as possible because the risk only increases as an attack progresses.

One of the best ways to gain visibility at any stage of an attack is with an extended detection and response (XDR) solution. I've written before about why I believe XDR is a game changer for CISOs. At Trellix, we're using our own XDR platform to gain that end-to-end visibility and stay ahead of attackers.

As ransomware threats evolve, we as cyber professionals must stay vigilant and proactive in our defense strategies. I hope this post has sparked some helpful ideas as you think about securing your own organization. I encourage you to join us at our upcoming Ransomware Virtual Showcase, where we'll share more cybersecurity best practices.